Bv9ARM.ch03.html revision af40ebed6257e4ac1996144530b3de317cf4da11
<!--
 - Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
 - Copyright (C) 2000-2003 Internet Software Consortium.
 -
 - Permission to use, copy, modify, and/or distribute this software for any
 - purpose with or without fee is hereby granted, provided that the above
 - copyright notice and this permission notice appear in all copies.
 -
 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 - PERFORMANCE OF THIS SOFTWARE.
-->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Chapter&#160;3.&#160;Name Server Configuration</title>
<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="prev" href="Bv9ARM.ch02.html" title="Chapter&#160;2.&#160;BIND Resource Requirements">
<link rel="next" href="Bv9ARM.ch04.html" title="Chapter&#160;4.&#160;Advanced DNS Features">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
<div class="chapter">
<div class="titlepage"><div><div><h1 class="title">
<a name="Bv9ARM.ch03"></a>Chapter&#160;3.&#160;Name Server Configuration</h1></div></div></div>
<div class="toc">
<p><b>Table of Contents</b></p>
<dl class="toc">
<dt><span class="section"><a href="Bv9ARM.ch03.html#sample_configuration">Sample Configurations</a></span></dt>
<dd><dl>
<dt><span class="section"><a href="Bv9ARM.ch03.html#cache_only_sample">A Caching-only Name Server</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch03.html#auth_only_sample">An Authoritative-only Name Server</a></span></dt>
</dl></dd>
<dt><span class="section"><a href="Bv9ARM.ch03.html#load_balancing">Load Balancing</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch03.html#ns_operations">Name Server Operations</a></span></dt>
<dd><dl>
<dt><span class="section"><a href="Bv9ARM.ch03.html#tools">Tools for Use With the Name Server Daemon</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch03.html#signals">Signals</a></span></dt>
</dl></dd>
</dl>
</div>
<p>
In this chapter we provide some suggested configurations along
with guidelines for their use. We suggest reasonable values for
certain option settings.
</p>
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="sample_configuration"></a>Sample Configurations</h2></div></div></div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="cache_only_sample"></a>A Caching-only Name Server</h3></div></div></div>
<p>
The following sample configuration is appropriate for a caching-only
name server for use by clients internal to a corporation. All queries
from outside clients are refused using the <span class="command"><strong>allow-query</strong></span>
option. Alternatively, the same effect could be achieved using suitable
firewall rules.
</p>
<pre class="programlisting">
// Two corporate subnets we wish to allow queries from.
acl corpnets { 192.168.4.0/24; 192.168.7.0/24; };
options {
     // Working directory
     directory "/etc/namedb";

     allow-query { corpnets; };
};
// Provide a reverse mapping for the loopback
// address 127.0.0.1
zone "0.0.127.in-addr.arpa" {
     type master;
     file "localhost.rev";
     notify no;
};
</pre>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="auth_only_sample"></a>An Authoritative-only Name Server</h3></div></div></div>
<p>
This sample configuration is for an authoritative-only server
that is the master server for "<code class="filename">example.com</code>"
and a slave for the subdomain "<code class="filename">eng.example.com</code>".
</p>
<pre class="programlisting">
options {
     // Working directory
     directory "/etc/namedb";
     // Do not allow access to cache
     allow-query-cache { none; };
     // This is the default
     allow-query { any; };
     // Do not provide recursive service
     recursion no;
};

// Provide a reverse mapping for the loopback
// address 127.0.0.1
zone "0.0.127.in-addr.arpa" {
     type master;
     file "localhost.rev";
     notify no;
};
// We are the master server for example.com
zone "example.com" {
     type master;
     file "example.com.db";
     // IP addresses of slave servers allowed to
     // transfer example.com
     allow-transfer {
          192.168.4.14;
          192.168.5.53;
     };
};
// We are a slave server for eng.example.com
zone "eng.example.com" {
     type slave;
     file "eng.example.com.bk";
     // IP address of eng.example.com master server
     masters { 192.168.4.12; };
};
</pre>
</div>
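<p>
Added example, not part of the original manual and not ISC code: a small Python check that parses <code class="filename">named.conf</code> text, evaluates the global <span class="command"><strong>allow-query</strong></span> match list against a client address, and flags a recursive server that admits outside clients or a master zone with no <span class="command"><strong>allow-transfer</strong></span>. The function names, the <code class="literal">WEAK</code> configuration and the outside address 203.0.113.7 are assumptions made for illustration; the parser and match-list evaluation cover only the constructs used in the two samples above.
</p>

```python
import ipaddress
import re

# Constructed inputs, condensed from this chapter's two samples (loopback zone omitted).
CACHING_ONLY = """
// Two corporate subnets we wish to allow queries from.
acl corpnets { 192.168.4.0/24; 192.168.7.0/24; };
options { directory "/etc/namedb"; allow-query { corpnets; }; };
"""
AUTH_ONLY = """
options { allow-query-cache { none; }; allow-query { any; }; recursion no; };
zone "example.com" { type master; file "example.com.db";
                     allow-transfer { 192.168.4.14; 192.168.5.53; }; };
zone "eng.example.com" { type slave; file "eng.example.com.bk";
                         masters { 192.168.4.12; }; };
"""
# Constructed counter-example: recursion left on, queries and transfers unrestricted.
WEAK = """
options { directory "/etc/namedb"; allow-query { any; }; };
zone "example.com" { type master; file "example.com.db"; };
"""
OUTSIDER = "203.0.113.7"  # constructed: documentation address standing in for an outside client
TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')

def tokenize(text):
    # Simplified: strips comments without honouring comment markers inside quoted strings.
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)
    return TOKEN.findall(re.sub(r"(//|#)[^\n]*", " ", text))

def parse_block(tokens, pos=0):
    """Parse `words [ { block } ] ;` statements until the matching '}' or end of input."""
    stmts, words, block = [], [], None
    while pos < len(tokens):
        tok, pos = tokens[pos], pos + 1
        if tok == "{":
            block, pos = parse_block(tokens, pos)
        elif tok == "}":
            break
        elif tok == ";":
            if words or block is not None:
                stmts.append(([w.strip('"') for w in words], block))
            words, block = [], None
        else:
            words.append(tok)
    return stmts, pos

def find(stmts, keyword):
    return [s for s in stmts or [] if s[0] and s[0][0] == keyword]

def load(conf_text):
    """Return (top-level statements, statements inside options, {acl name: match list})."""
    stmts, _ = parse_block(tokenize(conf_text))
    opts = [s for _, block in find(stmts, "options") for s in block or []]
    return stmts, opts, {w[1]: b for w, b in find(stmts, "acl")}

def matches(elements, ip, acls):
    """First-match evaluation of an address match list (simplified model)."""
    for words, block in elements:
        term = "".join(words)
        negate, term = term.startswith("!"), term.lstrip("!")
        if term == "none":                  # built-in ACL that matches no host
            term, negate = "any", not negate
        if block is not None:
            hit = matches(block, ip, acls)
        elif term == "any":
            hit = True
        elif term in acls:
            hit = matches(acls[term], ip, acls)
        else:
            try:
                hit = ip in ipaddress.ip_network(term, strict=False)
            except ValueError:              # localhost, localnets, key ...: not modelled
                hit = False
        if hit:
            return not negate
    return False

def query_allowed(conf_text, client):
    """Would the global allow-query admit this client address?"""
    _, opts, acls = load(conf_text)
    rule = find(opts, "allow-query")
    if not rule:                            # absent: the sample notes { any; } is the default
        return True
    return matches(rule[-1][1], ipaddress.ip_address(client), acls)

def audit(conf_text):
    """Flag the two exposures the chapter's samples are written to avoid."""
    stmts, opts, _ = load(conf_text)
    findings = []
    recursion = find(opts, "recursion")
    recursive = not recursion or recursion[-1][0][1:] != ["no"]   # recursion defaults to yes
    if recursive and query_allowed(conf_text, OUTSIDER):
        findings.append("recursion enabled and allow-query admits outside clients")
    for words, block in find(stmts, "zone"):
        ztype = find(block, "type")
        if (ztype and ztype[0][0][1:] == ["master"]
                and not find(block, "allow-transfer") and not find(opts, "allow-transfer")):
            findings.append(f"zone {words[1]}: master zone without allow-transfer")
    return findings
```

<p>
Run <span class="command"><strong>named-checkconf</strong></span> first for syntax; this check only reasons about the access-control statements discussed in this section.
</p>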
</div>
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="load_balancing"></a>Load Balancing</h2></div></div></div>
<p>
A primitive form of load balancing can be achieved in
the <acronym class="acronym">DNS</acronym> by using multiple records
(such as multiple A records) for one name.
</p>
<p>
For example, if you have three WWW servers with network addresses
of 10.0.0.1, 10.0.0.2 and 10.0.0.3, a set of records such as the
following means that clients will connect to each machine one third
of the time:
</p>
<div class="informaltable"><table border="1">
<colgroup>
<col width="0.875in" class="1">
<col width="0.500in" class="2">
<col width="0.750in" class="3">
<col width="0.750in" class="4">
<col width="2.028in" class="5">
</colgroup>
<tbody>
<tr>
<td><p>Name</p></td>
<td><p>TTL</p></td>
<td><p>CLASS</p></td>
<td><p>TYPE</p></td>
<td><p>Resource Record (RR) Data</p></td>
</tr>
<tr>
<td><p><code class="literal">www</code></p></td>
<td><p><code class="literal">600</code></p></td>
<td><p><code class="literal">IN</code></p></td>
<td><p><code class="literal">A</code></p></td>
<td><p><code class="literal">10.0.0.1</code></p></td>
</tr>
<tr>
<td><p></p></td>
<td><p><code class="literal">600</code></p></td>
<td><p><code class="literal">IN</code></p></td>
<td><p><code class="literal">A</code></p></td>
<td><p><code class="literal">10.0.0.2</code></p></td>
</tr>
<tr>
<td><p></p></td>
<td><p><code class="literal">600</code></p></td>
<td><p><code class="literal">IN</code></p></td>
<td><p><code class="literal">A</code></p></td>
<td><p><code class="literal">10.0.0.3</code></p></td>
</tr>
</tbody>
</table></div>
<p>
When a resolver queries for these records, <acronym class="acronym">BIND</acronym> will rotate
them and respond to the query with the records in a different
order. In the example above, clients will randomly receive
records in the order 1, 2, 3; 2, 3, 1; and 3, 1, 2. Most clients
will use the first record returned and discard the rest.
</p>
<p>
For more detail on ordering responses, see the
<span class="command"><strong>rrset-order</strong></span> sub-statement of the
<span class="command"><strong>options</strong></span> statement, described in
<a class="xref" href="Bv9ARM.ch06.html#rrset_ordering" title="RRset Ordering">RRset Ordering</a>.
</p>
</div>
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="ns_operations"></a>Name Server Operations</h2></div></div></div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="tools"></a>Tools for Use With the Name Server Daemon</h3></div></div></div>
<p>
This section describes several indispensable diagnostic,
administrative and monitoring tools available to the system
administrator for controlling and debugging the name server
daemon.
</p>
<div class="section">
<div class="titlepage"><div><div><h4 class="title">
<a name="diagnostic_tools"></a>Diagnostic Tools</h4></div></div></div>
<p>
The <span class="command"><strong>dig</strong></span>, <span class="command"><strong>host</strong></span>, and
<span class="command"><strong>nslookup</strong></span> programs are all command-line tools
for manually querying name servers. They differ in style and
output format.
</p>
<div class="variablelist"><dl class="variablelist">
<dt><span class="term"><a name="dig"></a><span class="command"><strong>dig</strong></span></span></dt>
<dd>
<p>
The domain information groper (<span class="command"><strong>dig</strong></span>)
is the most versatile and complete of these lookup tools.
It has two modes: simple interactive mode for a single query,
and batch mode, which executes a query for each line in a list
of several query lines. All query options are accessible
from the command line.
</p>
<div class="cmdsynopsis"><p><code class="command">dig</code> [@<em class="replaceable"><code>server</code></em>] <em class="replaceable"><code>domain</code></em> [<em class="replaceable"><code>query-type</code></em>] [<em class="replaceable"><code>query-class</code></em>] [+<em class="replaceable"><code>query-option</code></em>] [-<em class="replaceable"><code>dig-option</code></em>] [%<em class="replaceable"><code>comment</code></em>]</p></div>
<p>
The usual simple use of <span class="command"><strong>dig</strong></span> will take the form
</p>
<p class="simpara">
<span class="command"><strong>dig @server domain query-type query-class</strong></span>
</p>
<p>
For more information and a list of available commands and
options, see the <span class="command"><strong>dig</strong></span> man page.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>host</strong></span></span></dt>
<dd>
<p>
The <span class="command"><strong>host</strong></span> utility emphasizes simplicity
and ease of use. By default, it converts
between host names and Internet addresses, but its functionality
can be extended with the use of options.
</p>
<div class="cmdsynopsis"><p><code class="command">host</code> [-aCdlnrsTwv] [-c <em class="replaceable"><code>class</code></em>] [-N <em class="replaceable"><code>ndots</code></em>] [-t <em class="replaceable"><code>type</code></em>] [-W <em class="replaceable"><code>timeout</code></em>] [-R <em class="replaceable"><code>retries</code></em>] [-m <em class="replaceable"><code>flag</code></em>] [-4] [-6] <em class="replaceable"><code>hostname</code></em> [<em class="replaceable"><code>server</code></em>]</p></div>
<p>
For more information and a list of available commands and
options, see the <span class="command"><strong>host</strong></span> man page.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>nslookup</strong></span></span></dt>
<dd>
<p><span class="command"><strong>nslookup</strong></span>
has two modes: interactive and
non-interactive. Interactive mode allows the user to
query name servers for information about various
hosts and domains or to print a list of hosts in a
domain. Non-interactive mode is used to print just
the name and requested information for a host or
domain.
</p>
<div class="cmdsynopsis"><p><code class="command">nslookup</code> [-option...] [[<em class="replaceable"><code>host-to-find</code></em>] | [- [server]]]</p></div>
<p>
Interactive mode is entered when no arguments are given (the
default name server will be used) or when the first argument is a
hyphen (`-') and the second argument is the host name or
Internet address of a name server.
</p>
<p>
Non-interactive mode is used when the name or Internet address
of the host to be looked up is given as the first argument. The
optional second argument specifies the host name or address
of a name server.
</p>
<p>
Due to its arcane user interface and frequently inconsistent
behavior, we do not recommend the use of <span class="command"><strong>nslookup</strong></span>.
Use <span class="command"><strong>dig</strong></span> instead.
</p>
</dd>
</dl></div>
</div>
080575042aba2197b425ebfd52061dea061a9aa1xy<div class="section">
080575042aba2197b425ebfd52061dea061a9aa1xy<div class="titlepage"><div><div><h4 class="title">
080575042aba2197b425ebfd52061dea061a9aa1xy<a name="admin_tools"></a>Administrative Tools</h4></div></div></div>
080575042aba2197b425ebfd52061dea061a9aa1xy<p>
080575042aba2197b425ebfd52061dea061a9aa1xy Administrative tools play an integral part in the management
080575042aba2197b425ebfd52061dea061a9aa1xy of a server.
080575042aba2197b425ebfd52061dea061a9aa1xy </p>
080575042aba2197b425ebfd52061dea061a9aa1xy<div class="variablelist"><dl class="variablelist">
080575042aba2197b425ebfd52061dea061a9aa1xy<dt>
080575042aba2197b425ebfd52061dea061a9aa1xy<a name="named-checkconf"></a><span class="term"><span class="command"><strong>named-checkconf</strong></span></span>
080575042aba2197b425ebfd52061dea061a9aa1xy</dt>
080575042aba2197b425ebfd52061dea061a9aa1xy<dd>
080575042aba2197b425ebfd52061dea061a9aa1xy<p>
080575042aba2197b425ebfd52061dea061a9aa1xy The <span class="command"><strong>named-checkconf</strong></span> program
080575042aba2197b425ebfd52061dea061a9aa1xy checks the syntax of a <code class="filename">named.conf</code> file.
080575042aba2197b425ebfd52061dea061a9aa1xy </p>
080575042aba2197b425ebfd52061dea061a9aa1xy<div class="cmdsynopsis"><p><code class="command">named-checkconf</code> [-jvz] [-t <em class="replaceable"><code>directory</code></em>] [<em class="replaceable"><code>filename</code></em>]</p></div>
080575042aba2197b425ebfd52061dea061a9aa1xy</dd>
080575042aba2197b425ebfd52061dea061a9aa1xy<dt>
080575042aba2197b425ebfd52061dea061a9aa1xy<a name="named-checkzone"></a><span class="term"><span class="command"><strong>named-checkzone</strong></span></span>
080575042aba2197b425ebfd52061dea061a9aa1xy</dt>
080575042aba2197b425ebfd52061dea061a9aa1xy<dd>
080575042aba2197b425ebfd52061dea061a9aa1xy<p>
080575042aba2197b425ebfd52061dea061a9aa1xy The <span class="command"><strong>named-checkzone</strong></span> program
080575042aba2197b425ebfd52061dea061a9aa1xy checks a master file for
080575042aba2197b425ebfd52061dea061a9aa1xy syntax and consistency.
080575042aba2197b425ebfd52061dea061a9aa1xy </p>
080575042aba2197b425ebfd52061dea061a9aa1xy<div class="cmdsynopsis"><p><code class="command">named-checkzone</code> [-djqvD] [-c <em class="replaceable"><code>class</code></em>] [-o <em class="replaceable"><code>output</code></em>] [-t <em class="replaceable"><code>directory</code></em>] [-w <em class="replaceable"><code>directory</code></em>] [-k <em class="replaceable"><code>(ignore|warn|fail)</code></em>] [-n <em class="replaceable"><code>(ignore|warn|fail)</code></em>] [-W <em class="replaceable"><code>(ignore|warn)</code></em>] <em class="replaceable"><code>zone</code></em> [<em class="replaceable"><code>filename</code></em>]</p></div>
080575042aba2197b425ebfd52061dea061a9aa1xy</dd>
<dt>
<a name="named-compilezone"></a><span class="term"><span class="command"><strong>named-compilezone</strong></span></span>
</dt>
<dd><p>
Similar to <span class="command"><strong>named-checkzone</strong></span>, but
it always dumps the zone content to a specified file
(typically in a different format).
</p></dd>
<dt>
<a name="rndc"></a><span class="term"><span class="command"><strong>rndc</strong></span></span>
</dt>
<dd>
<p>
The remote name daemon control
(<span class="command"><strong>rndc</strong></span>) program allows the
system administrator to control the operation of a name server.
Since <acronym class="acronym">BIND</acronym> 9.2, <span class="command"><strong>rndc</strong></span>
supports all the commands of the BIND 8 <span class="command"><strong>ndc</strong></span>
utility except <span class="command"><strong>ndc start</strong></span> and
<span class="command"><strong>ndc restart</strong></span>, which were also
not supported in <span class="command"><strong>ndc</strong></span>'s
channel mode.
If you run <span class="command"><strong>rndc</strong></span> without any
options it will display a usage message as follows:
</p>
<div class="cmdsynopsis"><p><code class="command">rndc</code> [-c <em class="replaceable"><code>config</code></em>] [-s <em class="replaceable"><code>server</code></em>] [-p <em class="replaceable"><code>port</code></em>] [-y <em class="replaceable"><code>key</code></em>] <em class="replaceable"><code>command</code></em> [<em class="replaceable"><code>command</code></em>...]</p></div>
<p>See <a class="xref" href="man.rndc.html" title="rndc"><span class="refentrytitle"><span class="application">rndc</span></span>(8)</a> for details of
the available <span class="command"><strong>rndc</strong></span> commands.
</p>
<p>
<span class="command"><strong>rndc</strong></span> requires a configuration file,
since all communication with the server is authenticated with
digital signatures that rely on a shared secret, and
there is no way to provide that secret other than with a
configuration file. The default location for the
<span class="command"><strong>rndc</strong></span> configuration file is
<code class="filename">/etc/rndc.conf</code>, but an alternate
location can be specified with the <code class="option">-c</code>
option. If the configuration file is not found,
<span class="command"><strong>rndc</strong></span> will also look in
<code class="filename">/etc/rndc.key</code> (or whatever
<code class="varname">sysconfdir</code> was defined when
the <acronym class="acronym">BIND</acronym> build was configured).
The <code class="filename">rndc.key</code> file is generated by
running <span class="command"><strong>rndc-confgen -a</strong></span> as described in
<a class="xref" href="Bv9ARM.ch06.html#controls_statement_definition_and_usage" title="controls Statement Definition and Usage">the section called &#8220;<span class="command"><strong>controls</strong></span> Statement Definition and
Usage&#8221;</a>.
</p>
<p>
The format of the configuration file is similar to
that of <code class="filename">named.conf</code>, but limited to
only four statements, the <span class="command"><strong>options</strong></span>,
<span class="command"><strong>key</strong></span>, <span class="command"><strong>server</strong></span> and
<span class="command"><strong>include</strong></span>
statements. These statements are what associate the
secret keys to the servers with which they are meant to
be shared. The order of statements is not significant.
</p>
<p>
The <span class="command"><strong>options</strong></span> statement has
three clauses:
<span class="command"><strong>default-server</strong></span>, <span class="command"><strong>default-key</strong></span>,
and <span class="command"><strong>default-port</strong></span>.
<span class="command"><strong>default-server</strong></span> takes a
host name or address argument and represents the server that will
be contacted if no <code class="option">-s</code>
option is provided on the command line.
<span class="command"><strong>default-key</strong></span> takes
the name of a key as its argument, as defined by a <span class="command"><strong>key</strong></span> statement.
<span class="command"><strong>default-port</strong></span> specifies the
port to which
<span class="command"><strong>rndc</strong></span> should connect if no
port is given on the command line or in a
<span class="command"><strong>server</strong></span> statement.
</p>
<p>
The <span class="command"><strong>key</strong></span> statement defines a
key to be used
by <span class="command"><strong>rndc</strong></span> when authenticating with
<span class="command"><strong>named</strong></span>. Its syntax is
identical to the
<span class="command"><strong>key</strong></span> statement in <code class="filename">named.conf</code>.
The keyword <strong class="userinput"><code>key</code></strong> is
followed by a key name, which must be a valid
domain name, though it need not actually be hierarchical; thus,
a string like "<strong class="userinput"><code>rndc_key</code></strong>" is a valid
name.
The <span class="command"><strong>key</strong></span> statement has two clauses:
<span class="command"><strong>algorithm</strong></span> and <span class="command"><strong>secret</strong></span>.
While the configuration parser will accept any string as the argument
to algorithm, currently only the strings
"<strong class="userinput"><code>hmac-md5</code></strong>",
"<strong class="userinput"><code>hmac-sha1</code></strong>",
"<strong class="userinput"><code>hmac-sha224</code></strong>",
"<strong class="userinput"><code>hmac-sha256</code></strong>",
"<strong class="userinput"><code>hmac-sha384</code></strong>"
and "<strong class="userinput"><code>hmac-sha512</code></strong>"
have any meaning. The secret is a base-64 encoded string
as specified in RFC 3548.
</p>
<p>
The <span class="command"><strong>server</strong></span> statement
associates a key
defined using the <span class="command"><strong>key</strong></span>
statement with a server.
The keyword <strong class="userinput"><code>server</code></strong> is followed by a
host name or address. The <span class="command"><strong>server</strong></span> statement
has two clauses: <span class="command"><strong>key</strong></span> and <span class="command"><strong>port</strong></span>.
The <span class="command"><strong>key</strong></span> clause specifies the
name of the key
to be used when communicating with this server, and the
<span class="command"><strong>port</strong></span> clause can be used to
specify the port <span class="command"><strong>rndc</strong></span> should
connect
to on the server.
</p>
<p>
A sample minimal configuration file is as follows:
</p>
<pre class="programlisting">
key rndc_key {
     algorithm "hmac-sha256";
     secret
       "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
};
options {
     default-server 127.0.0.1;
     default-key    rndc_key;
};
</pre>
<p>
This file, if installed as <code class="filename">/etc/rndc.conf</code>,
would allow the command:
</p>
<p>
<code class="prompt">$ </code><strong class="userinput"><code>rndc reload</code></strong>
</p>
<p>
to connect to 127.0.0.1 port 953 and cause the name server
to reload, if a name server on the local machine were
running with the following controls statement:
</p>
<pre class="programlisting">
controls {
        inet 127.0.0.1
            allow { localhost; } keys { rndc_key; };
};
</pre>
<p>
and it had an identical key statement for
<code class="literal">rndc_key</code>.
</p>
<p>
Running the <span class="command"><strong>rndc-confgen</strong></span>
program will conveniently create an <code class="filename">rndc.conf</code>
file for you, and also display the
corresponding <span class="command"><strong>controls</strong></span>
statement that you need to
add to <code class="filename">named.conf</code>.
Alternatively,
you can run <span class="command"><strong>rndc-confgen -a</strong></span>
to set up an <code class="filename">rndc.key</code> file and not modify
<code class="filename">named.conf</code> at all.
</p>
</dd>
</dl></div>
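<p>
The rules given above for <code class="filename">rndc.conf</code> (six meaningful algorithm strings, a base-64 secret, key names that must match a <span class="command"><strong>key</strong></span> statement) can be checked before a file is deployed. The following is an added example, not part of BIND or of the original manual; <code>lint_rndc_conf</code>, <code>BAD_CONF</code>, the key names and the address 192.0.2.53 are constructed, and the parser assumes a simplified grammar without comments, <span class="command"><strong>include</strong></span> statements or nested braces.
</p>

```python
import base64
import re

# The only algorithm strings the manual says have any meaning.
MEANINGFUL_ALGS = {"hmac-" + h for h in ("md5", "sha1", "sha224", "sha256", "sha384", "sha512")}
# Secret printed in the manual's sample file: public, so unusable as a real key.
DOC_SAMPLE_SECRET = "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K"
# Simplified grammar (assumption): no comments, no include, no nested braces.
STMT = re.compile(r'\b(key|server|options)\b\s*"?([^\s{"]*)"?\s*\{(.*?)\}\s*;', re.S)
CLAUSE = re.compile(r'([\w-]+)\s+"?([^";]+?)"?\s*;')

def lint_rndc_conf(text):
    """Return a list of findings for the text of an rndc.conf file."""
    keys, refs, findings = {}, [], []
    for kind, name, body in STMT.findall(text):
        clauses = dict(CLAUSE.findall(body))
        if kind == "key":
            keys[name] = clauses
        elif kind == "server" and "key" in clauses:
            refs.append((f"server {name}", clauses["key"]))
        elif kind == "options" and "default-key" in clauses:
            refs.append(("options", clauses["default-key"]))
    for name, clauses in keys.items():
        alg, secret = clauses.get("algorithm", ""), clauses.get("secret", "")
        if alg not in MEANINGFUL_ALGS:
            findings.append(f"key {name}: algorithm {alg!r} has no meaning")
        try:
            decoded = base64.b64decode(secret, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            decoded = b""
        if not decoded:
            findings.append(f"key {name}: secret is empty or not base-64")
        elif secret == DOC_SAMPLE_SECRET:
            findings.append(f"key {name}: secret is the manual's sample value")
    for where, ref in refs:
        if ref not in keys:
            findings.append(f"{where}: refers to undefined key {ref!r}")
    return findings

# Constructed input: mistyped algorithm, non-base-64 secret, dangling key name.
BAD_CONF = '''
key ops_key { algorithm "hmac-sha-256"; secret "not base64!"; };
server 192.0.2.53 { key op_key; port 953; };
options { default-server 192.0.2.53; default-key ops_key; };
'''

if __name__ == "__main__":
    for finding in lint_rndc_conf(BAD_CONF):
        print(finding)
```

<p>
Run against the sample file shown earlier, the check reports only that the secret is the published sample value, which is the reason to generate a fresh key with <span class="command"><strong>rndc-confgen</strong></span> instead of copying it.
</p>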
</div>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="signals"></a>Signals</h3></div></div></div>
<p>
Certain UNIX signals cause the name server to take specific
actions, as described in the following table. These signals can
be sent using the <span class="command"><strong>kill</strong></span> command.
</p>
<div class="informaltable"><table border="1">
<colgroup>
<col width="1.125in" class="1">
<col width="4.000in" class="2">
</colgroup>
<tbody>
<tr>
<td>
<p><span class="command"><strong>SIGHUP</strong></span></p>
</td>
<td>
<p>
Causes the server to read <code class="filename">named.conf</code> and
reload the database.
</p>
</td>
</tr>
<tr>
<td>
<p><span class="command"><strong>SIGTERM</strong></span></p>
</td>
<td>
<p>
Causes the server to clean up and exit.
</p>
</td>
</tr>
<tr>
<td>
<p><span class="command"><strong>SIGINT</strong></span></p>
</td>
<td>
<p>
Causes the server to clean up and exit.
</p>
</td>
</tr>
</tbody>
</table></div>
</div>
</div>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.0pre-alpha</p>
</body>
</html>